
5 Managing Security Artifacts

This chapter describes the procedures an administrator follows to manage application-specific security artifacts, view the external role hierarchy, manage the application role hierarchy, and manage the many-to-many mapping of application roles to external roles from both the application and the external role point of view.

This chapter is divided into the following sections:

■ Managing Application Security Artifacts
■ Viewing the External Role Hierarchy
■ Managing the Application Role Hierarchy
■ Mapping Application Roles to an External Role
■ Mapping External Roles to an Application Role

5.1 Managing Application Security Artifacts

Authorization Policy Manager allows performing CRUD (create, read, update, delete) operations on several application security artifacts.

The menu New, to create an artifact, is available in the Browser and Search Results tabs of the navigation panel, and in advanced search results tables. The menu Open, to view and modify an artifact, is available in the Search Results tab of the navigation panel and in advanced search results tables. The menu Delete, to remove an artifact, is available in advanced search results tables.

The following sections describe how to manage specific security artifacts:

■ Managing Application Roles
■ Managing Application Resource Types
■ Managing Application Resources
■ Managing Application Entitlements
■ Managing Application Policies
■ Managing Application Role Categories

Note: With regard to enterprise users and external roles, Authorization Policy Manager provides viewing and searching functionality only. To manage users and external roles, use Oracle Identity Manager or some other identity management tool.

5.1.1 Managing Application Roles

The following sections describe how to manage application roles:

■ Creating a Role
■ Modifying a Role

5.1.1.1 Creating a Role

To create an application role, proceed as follows:

1. In the navigation panel, right-click the application Role Catalog icon and select New, to open an Untitled page on the right panel.

2. In the General tab of the page, enter the following data for the role being created:

■ A role name (required)
■ A display name (required)
■ A description (optional). Although optional, it is recommended because it can provide useful information about the role.
■ A role category, to which the role being created belongs (optional)

3. Click Save. Note the following changes in the page: (a) the title Untitled changes to the string entered for display name; (b) two other tabs, Application Role Hierarchy and External Role Mapping, become available.

4. To position the role being created in the application role hierarchy:

1. Bring the Application Role Hierarchy tab to the foreground.

2. To view or specify the application roles this role inherits, select Inherits and click Add to display the Add a Role dialog. In the Add a Role dialog, query application roles with a given display name (an empty string fetches all roles), select one or more roles from the results (Ctrl-click allows selecting one role at a time), and then click Add, to display the selected roles in the Inherits table.

To delete a role from the Inherits table, select the role and click Remove; only roles directly under the top can be removed. To view a role, select the role and click Open; to find the policies that use a role, select the role and click Find Policies. To create a policy based on the application role, click Create Policy at the top of the page.

To specify application roles for a role in the Inherits table, select the role, and click Add to display the Add a Role dialog. In that dialog, click the radio button for the selected role, and proceed to search and select roles to add. Then click Add, to display the added roles under the selected role.

3. To view the application roles that this role is inherited by, select Is Inherited By. To view a role in the Is Inherited table, select the role and click Open; to view the policies that use a role, select the role and click View Policies.

In both pages, Inherits and Is Inherited By, the bottom area displays the summary information of a role selected from the table.

5. To map external roles to the application role being created:

1. Bring the External Role Mapping tab to the foreground.